Skip to content

Commit

Permalink
Mark user as recently authenticated upon signin
Browse files Browse the repository at this point in the history
  • Loading branch information
viroulep committed Feb 11, 2020
1 parent b56ce49 commit e513974
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 5 deletions.
9 changes: 9 additions & 0 deletions WcaOnRails/app/controllers/sessions_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,15 @@ def generate_email_otp
render json: { status: "ok" }
end

def create
# Overrides Devise's create sign in method and pass it a block executed
# after sign in, to mark use as recently authenticated upon sign in.
# See https://www.rubydoc.info/github/plataformatec/devise/Devise/SessionsController#create-instance_method
super do |resource|
session[:last_authenticated_at] = Time.now
end
end

private

def two_factor_enabled?
Expand Down
2 changes: 1 addition & 1 deletion WcaOnRails/spec/models/user_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -586,7 +586,7 @@
let(:user) { FactoryBot.create(:user, password: "wca") }

context "when the password is not given in the params" do
it "updates the attributes if the current_password matches" do
it "updates the unconfirmed email" do
user.update(email: "new@email.com")
expect(user.reload.unconfirmed_email).to eq "new@email.com"
end
Expand Down
7 changes: 3 additions & 4 deletions WcaOnRails/spec/requests/users_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
it 'cannot change password when not recently authenticated' do
user = FactoryBot.create :user

# sign in
post user_session_path, params: { 'user[login]' => user.email, 'user[password]' => user.password }
follow_redirect!
expect(response).to be_successful
# Using sign_in here instead of the post action, as it does *not* trigger setting the
# recently_authenticated_at session variable.
sign_in user
get profile_edit_path
expect(response).to be_successful

Expand Down

0 comments on commit e513974

Please sign in to comment.